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DETAILED ACTION 

1 . Applicant's arguments filed March 10, 2008, have been fully considered. 

2. Claims 1-19, 21-41, and 43-57 are pending and have been examined. 

Response to Amendment 

3. Applicant's arguments with respect to the prior art have been considered but are 
moot in view of the new ground(s) of rejection. 

4. Regarding claims 1 9 and 20, Examiner submits that Garcia teaches using 
encryption and also suggests using any other encryption algorithms, as such, 
anticipates the claimed subject matter. 

Continued Examination Under 37 CFR 1.114 

5. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. 

Claim Objections 

6. Claims 35-38 and 40 are objected to because of the following informalities: they 
are written as dependent from claim 33, perhaps claim 34 was intended. Appropriate 
correction is required. 

Claim Rejections - 35 USC § 101 

7. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 



Application/Control Number: 10/699,124 
Art Unit: 2136 



Page 3 



8. Claims 45-57 are not limited to tangible embodiments. In view of applicants' 
disclosure (pars. 88-89), the server and the client are not limited to hardware, but can 
be software, and according to the art, a server/client can consist on software routines. 
As such, the claims are not limited to statutory subject matter and is therefore non- 
statutory. 

Claim Rejections - 35 USC § 102 

9. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

10. Claims 19, 21-22, 41, and 43-44 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Garcia (US Patent 7,178,033). 

Regarding claims 19 and 41, Garcia teaches 

encrypting an electronic document (col. 11, lines 55-67); and incorporating into 
the encrypted electronic document an address of a document control server, document- 
permissions information, and an encryption key useable in decrypting the encrypted 
electronic document, the encryption key being encrypted with a key generated by, and 
associated with a group of users of, the document control server; 

wherein the encryption key comprises a session key generated by the document 
control server, encrypting the electronic document comprises encrypting the electronic 
document using a document key, and incorporating comprises incorporating into the 
encrypted electronic document a document security payload comprising the document 
key and the document-permissions information, the document security payload being 
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encrypted using the session key_(col. 7, lines 45-67, col. 11, lines 40-67, col. 12, lines 
1-65), 

Regarding claims 21 and 43, Garcia teaches wherein the document security 
payload further comprises a document identifier assigned by the document control 
server, and incorporating further comprises incorporating into the encrypted electronic 
document a copy of the session key encrypted using a public key associated with the 
document control server (col. 11, lines 40-67, col. 12, lines 1-65). 

Regarding claims 22 and 44, Garcia teaches wherein the document- 
permissions information specifies access permissions at a level of granularity smaller 
than the electronic document (col. 11, lines 40-67, col. 12, lines 1-65). 

Claim Rejections - 35 USC § 103 

1 1 . The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

12. Claims 1-8, 10-17, 23-30, 32-39, and 45-57 are rejected under 35 

U.S.C. 103(a) as being unpatentable over Garcia, and further in view of Altenhofen 
et al. (US Patent Application Publication 2003/0232318, hereinafter Altenhofen). 

Regarding claims 1 and 23, Garcia teaches receiving a request from a client to 
take an action with respect to a first electronic document (col. 11, lines 55-67)j_and 
synchronizing access information with the client in response to the request, to authorize 
the client, to allow actions by a user as a member of a group of users, by sending to the 
client an update to access information retained at the client, the update comprising a 
first key associated with the group, the first key being useable at the client to access a 
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second electronic document while offline by decrypting a second key in the second 
electronic document (col. 11, lines 40-67, col. 12, lines 1-31). 

Garcia does not expressly disclose synchronization of offline access information 
or pre-authorizing the client. However, Altenhofen teaches synchronizing offline access 
and pre-authorizing the client (pars. 80-84, client allows/block access and synchronizes 
access information). 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to synchronize offline access and pre-authorize the 
client. One of ordinary skill in the art would have been motivated to perform such a 
modification to keep track of offline access and user progress to intellectual property 
(Altenhofen, pars. 5-7, 13-14). 

Regarding claims 12 and 34, Garcia teaches with receiving a document control 
server, when online, to access to an electronic document, the synchronizing comprising 
receiving an update to offline access information retained locally, the update comprising 
a first key associated with a group of users of the document control server (col. 11, 
lines 55-67); and allowing access to the electronic document, when offline, by 
performing operations comprising using the first key to decrypt a second key in the 
electronic document and governing actions with respect to the electronic document 
based on document-permissions information associated with the electronic document 
(col. 11, lines 40-67, col. 12, lines 1-31). 

Garcia does not expressly disclose synchronization of offline access information 
or pre-authorizing the client. However, Altenhofen teaches synchronizing offline access 
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and pre-authorizing the client (pars. 80-84, client allows/block access and synchronizes 
access information). 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to synchronize offline access and pre-authorize the 
client. One of ordinary skill in the art would have been motivated to perform such a 
modification to keep track of offline access and user progress to intellectual property 
(Altenhofen, pars. 5-7, 13-14). 

Regarding claims 45 and 56, Garcia teaches a document control server that 
synchronizes information with a client in response to a client request, to authorize offline 
access to an electronic document by sending an update to the offline access 
information retained at the client, the update comprising a first key associated with a 
group, the first key being useable at the client to access the electronic document by 
decrypting a second key in the electronic document (col. 11, lines 40-67); and the client 
that allows access to the electronic document, when offline, by a user as a member of 
the group, using the first key to decrypt the second key in the electronic document and 
governing actions with respect to the electronic document based on document- 
permissions information associated with the electronic document (col. 11, lines 40-67, 
col. 12, lines 1-31). 

Garcia does not expressly disclose synchronization of offline access information 
or pre-authorizing the client. However, Altenhofen teaches synchronizing offline access 
and pre-authorizing the client (pars. 80-84, client allows/block access and synchronizes 
access information). 
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Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to synchronize offline access and pre-authorize the 
client. One of ordinary skill in the art would have been motivated to perform such a 
modification to keep track of offline access and user progress to intellectual property 
(Altenhofen, pars. 5-7, 13-14). 

Regarding claim 2 and 24, the combination of Garcia and Altenhofen teaches 
synchronizing offline access information with the client comprises comparing a time of 
last recorded client-synchronization with a time of last change in user-group information 
for the user (Altenhofen, pars. 80-84, client allows/block access and synchronizes 
access information). 

Regarding claims 3 and 25, the combination of Garcia and Altenhofen teaches 
synchronizing offline access information with the client comprises receiving user-group 
information for the user from the client: and comparing current user-group information 
for the user with the received user-group information for the user from the client 
(Altenhofen, pars. 80-84, client allows/block access and synchronizes access 
information). 

Regarding claims 4 and 26, the combination of Garcia and Altenhofen teaches 
wherein the client allows actions with respect to the second electronic document based 
on document-permissions information residing in the second electronic document 
(Garcia, col. 13, lines 40-67, Altenhofen, pars. 45-48). 

Regarding claims 5 and 27, the combination of Garcia and Altenhofen teaches 
wherein the offline access information update further comprises document-permissions 
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information associated with multiple documents, including the second electronic 
document, and the client allows actions with respect to the second electronic document 
based on the document-permissions information (col. 13, lines 40-67, col. 14, lines 22- 
67). 

Regarding claims 6 and 28, the combination of Garcia and Altenhofen teaches 
wherein synchronizing offline access information with the client comprises 
synchronizing silently in a background process without the user being aware of the 
update (Altenhofen, pars. 80-84, client allows/block access and synchronizes access 
information). 

Regarding claims 7 and 29, the combination of Garcia and Altenhofen teaches 
wherein the request requires authentication, the method further comprising verifying the 
user at the client as an authenticated user (Garcia, col. 13, lines 40-67, Altenhofen, 
pars. 80-84, client allows/block access and synchronizes access information). 

Regarding claims 8 and 30, the combination of Garcia and Altenhofen teaches 
wherein the offline access information update further comprises: at least one user- 
specific key; at least one group-specific key, including the first key; and at least one set 
of document-permissions information associated with multiple documents (col. 7, lines 
45-67, col. 13, lines 40-67, col. 14, lines 22-67). 

Regarding claims 10 and 32, the combination of Garcia and Altenhofen teaches 
wherein the at least one set of document-permissions information comprises one or 
more policies associated with the first document, and the offline access information 
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update further comprises a document revocation list (Garcia, col. 13, lines 40-67, col. 
14, lines 22-67). 

Regarding claims 11 and 33, the combination of Garcia and Altenhofen teaches 
wherein the offline access information update further comprises at least one set of 
document-permissions information associated with a specific document, selected based 
on synchronization prioritization information (Garcia, col. 13, lines 40-67, col. 14, lines 
22-67, Altenhofen, pars. 80-84, client allows/block access and synchronizes 
access information). 

Regarding claims 13 and 35, the combination of Garcia and Altenhofen teaches 
wherein governing actions with respect to the electronic document comprises obtaining 
the document-permissions information from the electronic document (Garcia, col. 13, 
lines 40-67, col. 14, lines 22-67). 

Regarding claims 14 and 36, the combination of Garcia and Altenhofen teaches 
wherein governing actions with respect to the electronic document comprises: 
identifying a document policy reference in the electronic document; and obtaining locally 
retained document-permissions information based on the document policy reference 
(Garcia, col. 13, lines 40-67, col. 14, lines 22-67). 

Regarding claims 15 and 37, the combination of Garcia and Altenhofen teaches 
wherein the offline access information update comprises at least one user-specific key, 
at least one group-specific key, including the first key, at least one set of document- 
permissions information associated with multiple documents, and a document 
revocation list (Garcia, col. 7, lines 45-67, col. 13, lines 40-67, col. 14, lines 22-67). 
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Regarding claims 16 and 38, the combination of Garcia and Altenhofen teaches 
preventing access to the document, when offline, if a difference between a current time 
and a receipt time of the offline access information exceeds a server-synchronization- 
frequency parameter (Garcia, col. 11, lines 40-67, col. 12, lines 32-65, fig. 3B). 

Regarding claims 17 and 39, the combination of Garcia and Altenhofen teaches 
wherein the server-synchronization- frequency parameter is specific to the document 
(Garcia, col. 11, lines 40-67, col. 12, lines 32-65, fig. 3B). 

Regarding claim 46, the combination of Garcia and Altenhofen teaches wherein 
the electronic document comprises the document-permissions information (Garcia, col. 
11, lines 40-67, col. 12, lines 1-65). 

Regarding claim 47, the combination of Garcia and Altenhofen teaches wherein 
the second key comprises a session key generated by the document control server, and 
the electronic document further comprises a document security payload comprising a 
document key and the document-permissions information, the document security 
payload being encrypted using the session key (Garcia, col. 7, lines 45-67, col. 11, 
lines 40-67, col. 12, lines 1-65). 

Regarding claim 48, the combination of Garcia and Altenhofen teaches wherein 
the offline access information update further comprises: at least one user-specific key; 
at least one group-specific key, including the first key; and at least one set of document- 
permissions information associated with multiple documents (Garcia, col. 7, lines 45- 
67, col. 13, lines 40-67, col. 14, lines 22-67, Altenhofen, pars. 80-84, client 
allows/block access and synchronizes access information). 
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Regarding claim 49, the combination of Garcia and Altenhofen teaches wherein 
the client comprises an agent that periodically contacts the document control server to 
synchronize the offline access information (Altenhofen, pars. 80-84, client 
allows/block access and synchronizes access information). 

Regarding claim 50, the combination of Garcia and Altenhofen teaches wherein 
the document control server comprises: a server core with configuration and logging 
components; an internal services component that provides functionality across 
dynamically loaded methods; and dynamically loaded external service providers, 
including one or more access control service providers (Garcia, col. 16, lines 31-67, 
Altenhofen, fig. 9). 

Regarding claim 51, the combination of Garcia and Altenhofen teaches a 
business logic tier comprising a cluster of document control servers, including the 
document control server; an application tier including the client comprising a viewer 
client, a securing client, and an administration client; and a load balancer that routes 
client requests to the document control servers (Garcia, col. 15, lines 29-67, col. 16, 
lines 1-31, Altenhofen, fig. 9). 

Regarding claim 52, the combination of Garcia and Altenhofen teaches wherein 
the client request comprises a request from the client to take an action with respect to a 
second document, and the document control server synchronizes offline access 
information with the client silently in a background process without the user being aware 
of the update (Garcia, col. 15, lines 29-67, col. 16, lines 1-31, Altenhofen, pars. 80- 
84, client allows/block access and synchronizes access information). 
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Regarding claim 53, the combination of Garcia and Altenhofen teaches wherein 
the document control server comprises a permissions-broker server including a 
translation component, the second document comprises a document secured previously 
by the permissions-broker server, and the translation component being operable to 
translate first document-permissions information in a first permissions-definition format 
into second document-permissions information in a second permissions-definition 
format in response to the request being received from the client (col. 15, lines 29-67, 
col. 16, lines 1-31). 

Regarding claim 54, the combination of Garcia and Altenhofen teaches wherein 
the server comprises a permissions- broker server operable to identify information 
associated with the second document in response to the request, the associated 
information being retained at the server and indicating a third electronic document 
different from and associated with the second document, the server being operable to 
relate information concerning the third electronic document to the client to facilitate the 
action to be taken (col. 15, lines 29-67, col. 16, lines 1-31). 

Regarding claim 55, the combination of Garcia and Altenhofen teaches wherein 
the server comprises a permissions- broker server operable to obtain and send, in 
response to the request, a software program comprising instructions operable to cause 
one or more data processing apparatus to perform operations effecting an 
authentication procedure, and the client uses the authentication program to identify a 
current user and control the action with respect to the second document based on the 
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current user and document-permissions information associated with the second 
document (col. 15, lines 29-67, col. 16, lines 1-31). 

Regarding claim 57, the combination of Garcia and Altenhofen teaches server 
means for dynamically obtaining and sending authentication processes in response to 
client requests to take actions with respect to electronic documents; and client means 
for interfacing with a received authentication process to identify a current user and for 
controlling actions with respect to electronic documents based on the current user and 
document-permissions information (col. 15, lines 29-67, col. 16, lines 1-31). 
13. Claims 9, 18, 31, and 40 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Garcia and Altenhofen, and further in view of DeMarines (NPL 
"Authentica: Content Security for the Enterprise"). 

Regarding claims 9 and 31, the combination of Garcia and Altenhofen does not 
expressly disclose receiving an offline audit log from the client. However, DeMarines 
teaches receiving an offline audit log from the client (page 10). Therefore, it would have 
been obvious to one having ordinary skill in the art at the time the invention was made 
to provide offline audit logs. One of ordinary skill in the art would have been motivated 
to perform such a modification to keep track of offline access to secured files 
(DeMarines, pp. 2-3). 

Regarding claims 18 and 40, the combination of Garcia and Altenhofen does 
not expressly disclose maintaining an offline audit log; and uploading the offline audit 
log when online. However, DeMarines teaches maintaining an offline audit log; and 
uploading the offline audit log when online (page 10). Therefore, it would have been 
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obvious to one having ordinary skill in the art at the time the invention was made to 
provide offline audit logs. One of ordinary skill in the art would have been motivated to 
perform such a modification to keep track of offline access to secured files (DeMarines, 
pp. 2-3). 

Conclusion 

14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DAVID CERVETTI whose telephone number is 

(571 )272-5861 . The examiner can normally be reached on Monday-Tuesday and 
Thursday-Friday. 

1 5. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571)272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

16. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Primary Examiner, Art Unit 2136 



